What needs to be done after a cyber attack

In the previous articles (here and here), we discussed a way to identify that our system was attacked by somebody, whether the attack was successful or not. The next question is: what needs to be done after a cyber attack, or during the attack (if you know it is currently happening because you are watching what they are doing through the log file)?

Well, some things you can do after / during an attack:

  • Check the damage. Did the recognised attack have any impact on our system? If yes, what is it?
  • Minimise the attack's impact, for example by blocking the IP address of the attacker
  • Recover from backup if the attack was successful
  • Coordinate with related organisations. Why coordination? Because the bad guys coordinate to carry out attacks, so why can't we do the same?
    • Inform your organisation about what is happening
    • Inform the local CERT (Computer Emergency Response Team). In Indonesia, you can report to ID/SIRTII. Inform them that we were under attack from XXX IP address, and that the attacker was doing X, Y, Z on our system
    • Inform foreign CERTs. Inform them of the same.
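
To make the "check the damage" and "inform the CERT" steps concrete, here is an added example (not code from the original article) that pulls one source IP's activity out of a web server access log and turns it into a short report. The log lines, IP addresses and function names are constructed for illustration, and it assumes the common/combined access log format.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample access log; the IP addresses are documentation-range placeholders.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:02:14:05 +0000] "GET /admin/login.php HTTP/1.1" 404 153
203.0.113.7 - - [12/Mar/2024:02:14:09 +0000] "POST /wp-login.php HTTP/1.1" 401 512
198.51.100.20 - - [12/Mar/2024:02:14:11 +0000] "GET /index.html HTTP/1.1" 200 4096
203.0.113.7 - - [12/Mar/2024:02:15:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [12/Mar/2024:02:16:02 +0000] "GET /wp-admin/ HTTP/1.1" 200 9120
"""

# client IP, timestamp, method, path, status of a common/combined log format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def summarise(log_text, attacker_ip):
    """Collect what one source IP did; return None if it never appears."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(1) == attacker_ip:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            events.append((ts, m.group(3), m.group(4), int(m.group(5))))
    if not events:
        return None
    events.sort()
    return {
        "ip": attacker_ip,
        "first_seen": events[0][0].isoformat(),
        "last_seen": events[-1][0].isoformat(),
        "total_requests": len(events),
        "status_counts": dict(Counter(st for *_, st in events)),
        # Requests the server did not reject (status < 400): review these first for damage.
        "accepted": [(meth, path, st) for _, meth, path, st in events if st < 400],
    }

def report(summary):
    """Plain-text incident summary for your organisation and the CERT."""
    out = [f"Source IP: {summary['ip']}",
           f"Activity window: {summary['first_seen']} to {summary['last_seen']}",
           f"Requests: {summary['total_requests']} by status {summary['status_counts']}",
           "Requests accepted by the server (possible impact):"]
    out += [f"  {meth} {path} -> {st}" for meth, path, st in summary["accepted"]] or ["  none"]
    return "\n".join(out)

if __name__ == "__main__":
    print(report(summarise(SAMPLE_LOG, "203.0.113.7")))
```

The "accepted" list is only a starting point for the damage check: a 200 or 302 response shows the server processed the request, not that the attacker gained anything, so each entry still needs to be reviewed by hand.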

Thank you for reading 🙂
